Skip to main content
Sign in
Themis Protocol1 decision on this page

Audit log

Every state-changing event for Themis Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-29 17:23:43Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,983,065
    sig
    4yjzmpwwyPMR…n6cwUvV4explorer ↗
    hash
    3u8mCiHYZQdF…fQvwmGJhsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5962 B) ▸
    {"actor":"system:backfill","investigation_id":"1848f0de-42fd-40f9-ba1b-84c8aa72ef2a","kind":"publish","page_slug":"themis-protocol","published_at":"2026-05-29T17:23:43.305Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Themis Protocol","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.themis.exchange/themis-the-first-defi-nft-lending-protocol-raises-2m-with-multiple-backers-including-dao-maker-4554fb9f578f","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/themis-protocol","type":"other","url":""},{"credibility":3,"name":"https://github.com/Themis-protocol/Introduction","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://neptunemutual.medium.com/how-was-themis-protocol-exploited-79844ff4f97b","type":"other","url":""},{"credibility":3,"name":"https://smartcontract.tips/articoli/flash-loan-attack-themis-en/","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/themis-protocol-hack-analysis-7241f6470b2e","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=themis-protocol-hacked-shortly-after-going-live","type":"other","url":""},{"credibility":3,"name":"https://arbiscan.io/address/0xdb73eb484e7dea3785520d750eabef50a9b9ab33","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://neptunemutual.medium.com/how-was-themis-protocol-exploited-79844ff4f97b","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/themis-protocol-hack-analysis-7241f6470b2e","type":"other","url":""},{"credibility":3,"name":"https://github.com/Themis-protocol/Solidity-Open-Source/issues/1","type":"other","url":""},{"credibility":3,"name":"https://smartcontract.tips/articoli/flash-loan-attack-themis-en/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptorank.io/news/feed/1ea76-198354-themis-protocol-370000-damage-due-to-flashloan-attack","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.net/news/security/21237749/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=themis-protocol-hacked-shortly-after-going-live","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/themis-protocol","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=themis-protocol-hacked-shortly-after-going-live","type":"other","url":""},{"credibility":3,"name":"https://github.com/Themis-protocol/Solidity-Open-Source/issues/1","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/themis-protocol-hack-analysis-7241f6470b2e","type":"other","url":""},{"credibility":3,"name":"https://neptunemutual.medium.com/how-was-themis-protocol-exploited-79844ff4f97b","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://arbiscan.io/address/0xdb73eb484e7dea3785520d750eabef50a9b9ab33","type":"other","url":""},{"credibility":3,"name":"https://neptunemutual.medium.com/how-was-themis-protocol-exploited-79844ff4f97b","type":"other","url":""},{"credibility":3,"name":"https://smartcontract.tips/articoli/flash-loan-attack-themis-en/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/themis-protocol","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/1ea76-198354-themis-protocol-370000-damage-due-to-flashloan-attack","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=themis-protocol-hacked-shortly-after-going-live","type":"other","url":""}]}],"sources_used":[],"summary":"Themis Protocol is a DeFi lending and borrowing platform deployed on Arbitrum that allows users to collateralize Uniswap v3 LP positions and Balancer LP tokens to borrow stablecoins and blue-chip assets. On June 27, 2023, approximately eleven days after its beta launch, the protocol suffered a flash loan oracle manipulation exploit resulting in approximately $370,000 in losses. The attacker laundered the stolen funds via Tornado Cash, the protocol was suspended indefinitely, and TVL effectively dropped to near zero following the incident.","timeline":[{"date":"2021-11-01","event":"Themis Protocol announces $2 million seed round with backers including DAO Maker, NFX, LD Capital, and Ghaf Capital.","source":""},{"date":"2022-03-28","event":"A High Risk vulnerability in the Uniswap v3 LP pricing formula is filed in Themis Protocol's public GitHub repository, noting that use of spot price (slot0) rather than TWAP makes LP token collateral exploitable via price manipulation.","source":""},{"date":"2023-06-16","event":"Themis Protocol launches in beta on Arbitrum One. TVL grows to approximately $1 million within days.","source":""},{"date":"2023-06-27","event":"Themis Protocol is exploited via a flash loan oracle manipulation attack on Arbitrum One. Approximately $370,000 is stolen by manipulating the Balancer LP token price oracle. Attacker address: 0xdb73eb484e7dea3785520d750eabef50a9b9ab33.","source":""},{"date":"2023-06-27","event":"Themis team suspends borrowing functions and announces an emergency investigation. Team states it is preparing a compensation plan and pursuing fund recovery from the attacker.","source":""},{"date":"2023-06-28","event":"Attacker cross-chains stolen funds via Stargate Finance and begins laundering approximately 191 ETH through Tornado Cash.","source":""},{"date":"2023-06-28","event":"Multiple security firms including Neptune Mutual and SolidityScan publish post-mortem analyses of the Themis Protocol exploit.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 7193a11d-1425-4724-a643-8ac46a316ec4
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.